Malware Analysis Report

2025-01-22 20:14

Sample ID 241019-xpx18aseqe
Target 730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N
SHA256 730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985

Threat Level: Likely malicious

The file 730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4366) files with added filename extension (behavioral2, Windows 10 run; the appended extension is .tmp)

Renames multiple (3157) files with added filename extension (behavioral1, Windows 7 run; the appended extension is .tmp)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15 (the matrix itself is empty in this export; the techniques below are derived from the signatures listed above):

T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)
T1614.001 System Location Discovery: System Language Discovery (read of HKLM\SYSTEM\ControlSet001\Control\NLS\Language)
T1486 Data Encrypted for Impact (ransomware tag; thousands of files renamed with an added .tmp extension)

Analysis: static1

Detonation Overview

Reported

2024-10-19 19:02

Signatures

UPX packed file

upx
(no indicator rows recorded for this signature)

Unsigned PE

(no indicator rows recorded for this signature)
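Both static1 signatures (a UPX-style section table and the absence of an embedded Authenticode signature) can be reproduced by reading the PE headers directly. The block below is an added example written for this page, not the sandbox's own signature code. It assumes the stock UPX section names (UPX0/UPX1/UPX2, .UPX) as the packer marker and treats a zero-length security data directory as "unsigned"; because the analysed binary is not reproduced here, it runs on a constructed header-only PE stub that carries no code.

```python
"""Added example: reproduce the static1 checks (UPX-style sections, no
Authenticode signature) by parsing PE headers directly. Not the sandbox's
own signature code; no third-party packages needed."""
import struct
import sys

PE_SIGNATURE = b"PE\0\0"
IMAGE_DIRECTORY_ENTRY_SECURITY = 4            # data-directory slot of the Authenticode blob
UPX_SECTION_PREFIXES = (b"UPX0", b"UPX1", b"UPX2", b".UPX")   # assumption: name-based packer marker


def _u16(buf, off):
    return struct.unpack_from("<H", buf, off)[0]


def _u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]


def parse_pe(data: bytes) -> dict:
    """Return the section names and the security data directory (rva, size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = _u32(data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    file_hdr = e_lfanew + 4                      # IMAGE_FILE_HEADER, 20 bytes
    num_sections = _u16(data, file_hdr + 2)
    opt_size = _u16(data, file_hdr + 16)
    opt_hdr = file_hdr + 20                      # IMAGE_OPTIONAL_HEADER
    magic = _u16(data, opt_hdr)
    # Data directories begin at +96 (PE32, magic 0x10b) or +112 (PE32+, magic 0x20b);
    # NumberOfRvaAndSizes is the DWORD immediately before them.
    dd_off = opt_hdr + (96 if magic == 0x10B else 112)
    num_dirs = _u32(data, dd_off - 4)
    sec_rva = sec_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        entry = dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        sec_rva, sec_size = _u32(data, entry), _u32(data, entry + 4)
    sec_table = opt_hdr + opt_size               # IMAGE_SECTION_HEADER[], 40 bytes each
    names = [data[sec_table + 40 * i: sec_table + 40 * i + 8].rstrip(b"\0")
             for i in range(num_sections)]
    return {"sections": names, "security_dir": (sec_rva, sec_size)}


def looks_upx_packed(info: dict) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (and UPX2 for resources)."""
    return any(name.startswith(UPX_SECTION_PREFIXES) for name in info["sections"])


def is_unsigned(info: dict) -> bool:
    """No embedded Authenticode signature. Catalog-signed OS binaries also show an
    empty security directory, but that does not apply to a file run from %TEMP%."""
    return info["security_dir"][1] == 0


def triage(data: bytes) -> list:
    """Return the static signature names that fire for this image."""
    info = parse_pe(data)
    hits = []
    if looks_upx_packed(info):
        hits.append("UPX packed file")
    if is_unsigned(info):
        hits.append("Unsigned PE")
    return hits


def build_stub_pe(section_names, signed: bool) -> bytes:
    """Constructed header-only PE32 image for testing; it carries no code."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)        # e_lfanew -> right after the DOS header
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                         # PE32 optional header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)          # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x4000, 0x1800)
    sections = b"".join(n.ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + PE_SIGNATURE + file_hdr + bytes(opt) + sections


SAMPLE_PACKED = build_stub_pe([b"UPX0", b"UPX1", b".rsrc"], signed=False)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PACKED
    print(triage(data))
```

Run it with a file path to triage a real binary, or with no argument to exercise the constructed stub. The section-name check is a convenience heuristic: a UPX build with renamed sections defeats it, so a high-entropy section with a small raw size and a large virtual size is the more robust indicator in practice.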

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 19:02

Reported

2024-10-19 19:04

Platform

win7-20240903-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe"

Signatures

Renames multiple (3157) files with added filename extension

ransomware

UPX packed file

upx
(no indicator rows recorded for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Internet Explorer\iedvtool.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\ResolveReset.DVR.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montevideo.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\bin\deploy.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
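The three behavioural signatures above (mass rename with an appended extension, drops under Program Files, and the NLS\Language key read) are the same in both runs, so one detection example serves both behavioral1 and behavioral2. The block below is an added example, not the sandbox's own rule logic: it aggregates file and registry events per process and fires when one process appends the same extension to many files inside a short burst, which is how the "Renames multiple (N) files" count is produced. The event line format, the threshold and window, and the event lines themselves (which reuse paths from the tables above with made-up timing and PIDs) are all constructed for illustration.

```python
"""Added example: per-process detection of the behavioural signatures reported
above (mass rename with an appended extension, writes under Program Files,
read of the NLS\\Language key). Not the sandbox's own rule code; the event
format, thresholds and the event lines are constructed for illustration."""
from collections import defaultdict

RENAME_THRESHOLD = 10    # assumption; the sandbox's threshold is not published (it reported 3157 / 4366)
WINDOW_SECONDS = 60.0    # assumption: renames must fall inside this burst window
LANGUAGE_KEY_SUFFIX = r"\control\nls\language"

# Constructed event log: "<seconds> <pid> <op> <path>", op in {regopen, create, rename};
# a rename carries "<old> -> <new>". PID 2364 mimics the sample, PID 1234 is benign noise.
EVENTS = r"""
0.10 2364 regopen \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
0.25 2364 rename C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini -> C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini.tmp
0.40 2364 rename C:\MSOCache\All Users\Office64WW.xml -> C:\MSOCache\All Users\Office64WW.xml.tmp
0.55 2364 rename C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll -> C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp
0.70 2364 rename C:\Program Files\Java\jre7\lib\zi\Europe\Prague -> C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp
0.85 2364 rename C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo -> C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp
1.00 2364 rename C:\Program Files\Internet Explorer\iedvtool.dll -> C:\Program Files\Internet Explorer\iedvtool.dll.tmp
1.15 2364 rename C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak -> C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp
1.30 2364 rename C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png -> C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp
1.45 2364 rename C:\Program Files\Java\jre7\bin\java-rmi.exe -> C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp
1.60 2364 rename C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui -> C:\Program Files\Microsoft Games\Solitaire\fr-FR\Solitaire.exe.mui.tmp
1.75 2364 rename C:\Program Files\Common Files\System\msadc\msadcer.dll -> C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp
1.90 2364 rename C:\Program Files\7-Zip\7-zip.dll -> C:\Program Files\7-Zip\7-zip.dll.tmp
5.00 1234 rename C:\Users\Admin\Documents\report.docx -> C:\Users\Admin\Documents\report.docx.bak
6.00 1234 rename C:\Users\Admin\Documents\notes.txt -> C:\Users\Admin\Documents\notes.log
"""


def appended_extension(old: str, new: str):
    """Return the suffix if `new` is exactly `old` plus one more extension, else None.
    A rename that swaps the extension (a.txt -> a.log) is not an appended extension."""
    if new.startswith(old) and len(new) > len(old):
        suffix = new[len(old):]
        if suffix.startswith(".") and "\\" not in suffix:
            return suffix.lower()
    return None


def parse_events(text: str) -> list:
    """Parse the constructed log into (seconds, pid, op, old_path, new_path) tuples."""
    events = []
    for line in text.strip().splitlines():
        ts, pid, op, rest = line.split(" ", 3)
        old, new = rest.split(" -> ") if op == "rename" else (None, rest)
        events.append((float(ts), int(pid), op, old, new))
    return events


def analyze(events: list) -> list:
    """Aggregate per PID, then emit one finding per (PID, appended extension) over threshold."""
    state = defaultdict(lambda: {"renames": defaultdict(int), "first": None, "last": None,
                                 "program_files": 0, "language_check": False})
    for ts, pid, op, old, new in events:
        st = state[pid]
        if op == "regopen" and new.lower().endswith(LANGUAGE_KEY_SUFFIX):
            st["language_check"] = True          # System Language Discovery
            continue
        if op == "rename":
            ext = appended_extension(old, new)
            if ext:
                st["renames"][ext] += 1
                st["first"] = ts if st["first"] is None else st["first"]
                st["last"] = ts
        if op in ("rename", "create") and new.lower().startswith("c:\\program files"):
            st["program_files"] += 1             # Drops file in Program Files directory
    findings = []
    for pid, st in sorted(state.items()):
        for ext, count in st["renames"].items():
            span = max(st["last"] - st["first"], 1e-9)
            if count >= RENAME_THRESHOLD and span <= WINDOW_SECONDS:
                findings.append({
                    "pid": pid,
                    "signature": f"Renames multiple ({count}) files with added filename extension",
                    "extension": ext,
                    "rate_per_s": round(count / span, 1),
                    "program_files_writes": st["program_files"],
                    "language_check": st["language_check"],
                })
    return findings


if __name__ == "__main__":
    for finding in analyze(parse_events(EVENTS)):
        print(finding)
```

Keying the count on the appended extension rather than on a fixed string is deliberate: the extension here is .tmp, which is also what installers and editors produce, so the signal is the volume and rate from one process across unrelated directories, not the suffix itself. On real EDR telemetry the same aggregation runs over file-rename and registry-open events keyed by process ID.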

Processes

C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe

"C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe"

Network

N/A (no network activity was recorded during this run's 17s network window)

Files

The two memory dumps (index 0 and index 69) cover the sample's own image region for PID 2364, 0x400000-0x40A000; an unpacked copy of the UPX payload would be recovered from there. The .tmp entries are the renamed outputs as they exist on disk after the run, so their hashes identify the output, not the original desktop.ini or Office64WW.xml.

memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 7e44523fb9d08c54149b5ff6c85ba65b
SHA1 6f4a82c529b077a66a02e8c85afe067328acacb6
SHA256 b0327b9c90c32ec7f1bf362d9270de63ee6b7ff32a2f8808154f25b632999a63
SHA512 185e865cb555620edaa5af44ab651303382944ef9d06d815fdfc605caf6714f6e95688a8ce27369ef5914efbc4eaad7fcca8682d8eb6fb36bfa010db14283fa1

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8a0fafa0da829888e7a2a1b87b378e19
SHA1 c4f0bdd692efddd61079be24b248234f140cdf56
SHA256 e901267c0fa390bfba1d155f064da7707562e0751bf652bde61c9350f9c5574e
SHA512 45d045691a9969b1f62944b53e48bc1f41db58dfe850a6b9c23f5731da033bb5e8182ae1f9d81a7fa470b072be6eacdca31d085c11fa2007982c02d0e75f9184

memory/2364-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 19:02

Reported

2024-10-19 19:04

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe"

Signatures

Renames multiple (4366) files with added filename extension

ransomware

UPX packed file

upx
(no indicator rows recorded for this signature)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Dataflow.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Asn1.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.UnmanagedMemoryStream.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Csp.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\de.pak.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\javaw.exe.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_HK.properties.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pt-BR.pak.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe

"C:\Users\Admin\AppData\Local\Temp\730ec1782f8c1fe7ebd7d75967fa356563b3b4ce6e45b3550ec996e420e39985N.exe"

Network

All observed traffic is reverse-DNS (PTR) lookups sent to 8.8.8.8 and HTTPS to tse1.mm.bing.net. The table is not attributed to a process, and this pattern is consistent with Windows 10 background activity on the sandbox image rather than command-and-control by the sample; treat it as noise unless a process-level capture ties it to PID 5104.

Country Destination Domain Proto
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

The two memory dumps (index 0 and index 664) cover the sample's own image region for PID 5104, 0x400000-0x40A000, the same region as in the Windows 7 run. The .tmp entries are the renamed outputs as they exist on disk after the run; their hashes identify the output, not the original desktop.ini or 7-zip.dll.

memory/5104-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 5959874a3a580d46b186791c66c98cca
SHA1 7b0c62070e4dc1abdf515dc54e03fb89ac97ffdd
SHA256 5e343ee885ef3c6d3904352afe0e804dcb8fb7bc791dd2a15f6ea528792651d5
SHA512 d0d3a73e09681abf31bcdc85d3cd525ee72687a8dcf4362e1e6a0d27ca4cf924266af1242aaa7b345304634bbdb0e8ea765b9c5e01063049a24e72863e5eb9ab

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 077a1672de031fdf5e9a6dae4364419e
SHA1 d066d5de6707e289379969ecd1e07135fe151741
SHA256 1476567c3537890bf80d7360b0f2b78d1ffcbf957e57308c81a1e24960f51543
SHA512 2ced867dd6da1d351bb97776659f0ad921727405d47353ad16db3058ba0527b6baf14ad1cb21dc0b6ff92dc3f8c0f68a353faa30f5b914673ba57c2d5f325b34

memory/5104-664-0x0000000000400000-0x000000000040A000-memory.dmp